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EXECUTIVE SUMMARY 

Market Situation W 


In 2014, mobile devices and the concept of “staying 
connected" permeated our personal and professional lives 
at nearly every level.. The proliferation of these mobile 
devices can be seen from consumers, professionals, 
white collar, blue collar, no-collar, teenagers and even 
adolescents. They're everywhere, and they're all accessing 
data, downloading apps, playing games, getting directions, 
banking, working, selling and buying, chatting with friends 
or even committing crimes. The advent of the mobile device 
and the connectivity it offers has changed each and every 
one of our lives, in some way, and has shifted the course of 
our future. 

As long as there is progress and these devices continue to 
allow for more efficiencyand productivity than ever, they will 
also remain prime targetsfor accessing sensitive information 
on individual's lives, jobs and secrets. While mobile device 
manufacturers and application developers have been 
breaking new grounds with products, malware developers 
have been as well. Malware developers see the opportunity 
to ride the mobility of these devices, the data they access 
and the information they store, to gain access to not only 
our personal, but professional lives as well. Almost as soon 
as the first generation of mobile devices began accessing 


data, malware developers began developing and testing the 
tools and capabilities to look into those devices and steal 
the information that resides on them. That research and 
those tools have quickly evolved into legitimate threats to 
consumers and enterprises alike. 

What began as mere proof of concept and research in the 
early days of iOS and Android, quickly evolved into startling 
increases in mobile malware development. In 2011, we saw 
a move from proof-of-concept to profitability and smarter 
malware. Early mobile malware development, for Android 
specifically, showed developers testing capabilities by 
attempting to develop outright spyware applications to allow 
a third parties to monitor the data, communications, location 
and even conversations of a smartphone user. Developers 
tested limits by creating highly complex malware that 
rivaled the abilities of PC malware with full command and 
control (C&C) functionality. While primitive in its beginning, 
several progressions in development showed developers 
getting smarter at masking their C&C communication 
with encryption and obfuscation in both transit and in 
their coding efforts. Step-by-step, malware developers got 
better at creating complex, feature rich Android malware. 
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In the waning months of 2011, development and testing 
the limits of complex capabilities ceased, for a time, 
and the focus shifted to financial gain. Short message 
service (SMS) Trojans, that leveraged premium services, 
became more prevalent in Asian and Russian Markets. In 
fact, malware families such as Fake Installer and Opfake 
quickly became the leading actors in mobile malware, 
dwarfing early malware families in both count and reach. 
The simple purpose was to trick users into downloading 
seemingly legitimate applications that would then send 
SMS messages to premium services for a nominal, non- 
refundable fee. 

In 2012 and 2013 the mobile industry saw a maturing 
of mobile malware markets with the rapid expansion 
of threats that profit attackers, while mobile security 
research also grows exponentially. During that time, the 
prevalence of Fake Installer and Opfake applications 
appeared in the form of one in twenty applications from 
third party app stores being infected with malware. Nearly 
all of those infected applications contained some type of 
SMS Trojan capability, with the sole purpose of siphoning 
off small premium service charges. 


2014 saw Android malware development continuing 
to increase. While 2012 saw only 238 specific threat 
families, 2013 showed a 238 percent increase in threats 
to 804 known families of Android malware.1 2014 saw 
additional increases in threat families from 804 to 1,268 
known malware families affecting Android platforms. The 
growth of mobile malware continues to remain staunchly 
entrenched in Android as 97percent of all mobile malware 
was developed for the Android platform with 931,620 
unique samples of Android malware identified. 

2014 also saw more mobile malware development in a 
single year than any year. With nearly a million unique 
malware samples identified, it is no wonder that the mobile 
security industry reports2 seeing year-over-year increases 
in actual detection rates encountered by Android users. 

2015 is certainly going to be a year when mobile device 
users begin to take device security seriously, because the 
attackers already have been. 


"The mobile industry saw a 
maturing of mobile malware 
markets with the rapid 
expansion of threats that 
profit attackers, while mobile 
security research also grows 
exponentially." 
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MARKETS 


The Rise of Android 


The Pulse Secure Mobile Threat Center (MTC), has long 
held the position that the two leading factors that lend 
the Android platform as a point of interest for malware 
developers are market share and application ecosystem. 
Just as historical data of the PC market illustrates that 
Microsoft Windows' dominance of the PC market led to 
the focus of malware developers, so too does Android's 
dominance in attracting the new battle front in data theft 
in an increasingly mobile-centric consumer market. 

IDC reports that Android currently owns 85 percent of the 
world smartphone market with more than 255 million 
Android units being shipped in Q2 2014. That is up from 
79.6 percent in the same quarter last year and better than 
15 percent increase from 2012. The truly staggering statistic 
is an increase from 36.1 percent in Q2 2011. 

The majority of Android's strength comes from increases in low 
and ultra-low-end Android handsets into the Market. While iOS 
saw a slight drop from 13 percent to 11.7 percent, the demand 
for low cost smartphones has fueled growth of 16.5 percent 
since Q1 2014. Experts speculate that even with the release of 
iPhone 5c, iOS device price points continue to remain out of 
reach to the average global consumer. 


While Android's market share continues to steadily 
increase on the back of the availability of low-end Android 
handsets, this trend could prove to be yet another 
important factor attracting malware developers. Foryears, 
consumers and experts have shown concern over the 
fragmentation in Android versions running on handsets 
across the world. Historically, even high-end handset 
manufacturers have been slow at adopting the latest 
version of Android's operating system. This fragmentation 
trend will only increase as more and more low-end Android 
devices are unable to receive updates due to hardware and 
performance constraints on low-end devices. 

So why does market share drive the fact that Android 
continues to be the leading target for malware developers 
around the world? The growth of Android, especially 
outside of the U.S., continues to be the real target that 
malware developers have shown significant interest in. 
This paradigm exists solely because the barrier of entry 
is much lower on Android handsets, and at 85 percent 
market share, malware developers are able to get their 
wares on the largest amount of devices by focusing on the 
platform that most consumers choose to carry. 
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An additional paradigm has begun to take shape over the 
last two years which is the increase in low-end Android 
handsets as an attractive price point for the international 
community. This means that more and more devices will 
likely remain vulnerable to attacks due to OS fragmentation. 

Google has made significant progress in closing holes that 
are often used by malware developers in new versions of 
the OS. For instance, Android 4.2 saw a significant change 
when Google incorporated better control of premium SMS 
messaging by notifying a user if an application attempt 
to send SMS to a premium rate SMS service. Current 


platform version statistics indicate that only 57.3 percent 
of Android devices are running OS version 4.2 or greater. 
While the top handset manufacturers are making 
progress in reducing fragmentation, one could argue that 
the increasing presence of low-end handsets with limited 
hardware resources will exacerbate the fragmentation 
problem from a vulnerability and security standpoint. 
While Google continues to work towards securing the 
Android platform from the effects of malware in subsequent 
releases, consumers opting for the low-end handsets may 
never actually experience the new security features. 


IDC reports that Android currently owns 85 percent of the world 
smartphone market with more than 255 million Android units 
being shipped in Q2 2014. 


The growth of Android, especially outside of the U.S., continues 
to be the real target that malware developers have shown 
significant interest in. 


Malware developers are able to get their wares on the largest 
amount of devices by focusing on the platform that most 
consumers choose to carry. 












A WORD ABOUT APPLE 

iOS is Not Completely Immune • Mb Ml 


While it is true that Android malware currently makes up the 
overwhelming majority of known, malicious, mobile malware, 
iOS is not completely immune. It has been reported for 
several years that while it is technically possible to develop 
malware for iOS devices, there are several reasons why the 
malware developer community has generally stayed away 
from expending significant resources on research and 
development against the platform. 

iOS and Android took two distinctly different approaches to 
their application stores. While Android began by cultivating an 
open ecosystem that would be largely policed by the Android 
community, Apple's App Store was tightly controlled with an 
upfront review process and strict terms of service that made 
it difficult for malware developers to get their wares into the 
App Store. This difference, coupled with Android's dominant 
market share position, enticed malware developers towards 
the Android platform for one simple reason: it makes no 
sense to expend precious resources to develop malware for 
an ecosystem that will more than likely never get approved 
into the App Store. Android reaches the largest amount of 
users and the upfront review process did not exist to prohibit 
malware releases. The barrier of entry is significantly lower for 


Android than iOS, thus leaving iOS almost completely out of 
the equation for mobile malware development. 

All of this does not mean that iOS is impervious or incapable 
of being targeted by malware developers. In fact, the exact 
opposite exists in a couple of different paradigms. While 
malware developers have not been focusing on research and 
development of malware for iOS, it is widely known that there 
have been several high profile events that have impacted 
the iOS platform. However, almost all of these events have 
occurred against jailbroken devices that have the ability to 
sideload applications from stores besides the App Store, 
namely Cydia. 

iOS has also seen significant proof of concept research 
indicating that it is certainly possible to get malicious 
applications through the rigorous review process that guards 
the walls of the App Store. Yet, that process has remained 
elusive enough that the average malware developer has 
shown no interest in attempting to do the heavy lifting to 
get their malicious apps into the walled garden. iOS is still 
considered to be secure, from a malware perspective, when 
users remain chained to the official App Store. 
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2014 has seen at least four high profile iOS malware events that could end up being the rallying call needed to entice malware 
developers to begin to focus serious attention of developing for iOS, albeit still focused on jailbroken devices over App Store 
chained devices. In one such case, iOS users appear to have become the victims of nation state spying efforts: 


Global Solutions 

April 2014 revealed a malware campaign that targeted jailbroken iOS devices by malware that had Chinese origins. The 
malware arrived in the form of a library called 'Unflod.dylib' and attempted to hook into all running processes on the 
jailbroken device in order to listen to outgoing SSL connections. The malware appeared to be listening for Apple ID's and 
corresponding passwords in order to send them to preconfigured IP addresses. 


iOS AppBuyer 

September 2014 research identified iOS malware affecting jailbroken devices in the wild. Once infected, AppBuyer would 
attempt to connect to a command and control (C&C) server in orderto download and execute malicious executables. 
The downloaded malicious executables attempted to hook into network API's in orderto steal the device's Apple ID and 
password. Once the ID and password had been uploaded to the C&C server, the attacker's server attempted to simulate 
Apple's protocols to purchase apps from the App Store while charging the victim for the purchases. 


iOS Xsser mRAT 

Also in September 2014, the Lacoon Mobile Security research team discovered a cross platform attack that hit both 
Android and iOS and appeared to have targeted Chinese protesters involved in the Occupy Central protests in Hong 
Kong. The vector for attack is not yet understood, but only jailbroken iOS devices appeared to have been affected. The 
malware arrived by masquerading as an app to help coordinate the Occupy Central protests on Cydia. While there have 
been other iOS Trojans found on Cydia, Xsser mRAT appears to be the most advanced and fully operational with full 
C&C functionality to steal the Address Book, SMS messages, call logs, GPS data, pictures, OS data, Tencent Archive (a 
popular Chinese messaging app), and passwords or other authentication info found in the iOS keychains. Xsser mRAT 
runs immediately after boot and also able to be updated dynamically from the C&C servers. 


iOS WireLurker, Masque Attack 

To many, November 2014 indicated a new era in iOS malware, whereby non-jailbroken devices were infected by a 
sophisticated Trojan. It remains true that iOS users who do not make a concerted effort to bypass Apple's security 
controls and installing pirated software remain safe. WireLurker is the first example of a non-jailbroken iOS device 
being infected by tethering to an infected Mac device. WireLurker arrives by first infecting a Mac OS X machine and then 
infiltrates iOS devices by installing rogue apps when they're connected via USB. WireLurker appears to be fairly primitive 
in its capabilities, but it underscores a major security hold in Apple's pairing mechanism between devices. 
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2014 MALWARE CATEGORIES 


MALWARE 2014 

It's Still an Android's World 


Android users in 2014 have remained fully in the crosshairs 
of mobile malware developers. Garnering 97 percent of 
all malware development to date, Android applications 
continue to offer the lowest barrier to entry among all 
mobile device platforms currently available. 

Showing an increase of 391 percent from 2013 to 2014, the 
MTC collected nearly a million (931,620) unique malicious 
applications in 2014. Analysis of the increase in new, 
unique malware samples provides some insight into the 
goals of the malware developers and the motivations 
surrounding their development cycles. 
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The overwhelming majority, 73 percent, of malware 
encountered by corporate and consumer Android users 
continues to be malware designed to seek immediate 
profit for the developer. 
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Whether it be legitimate applications, that are pirated and 
repackaged to include code that would have the device 
quietly siphoning funds to the attacker over premium 
SMS services, or they are aggressively leveraging adware 
to tap into revenue from ad networks, mobile malware 


developers are leveraging mobile devices to monetize 
their threats like never before. In fact, the ability to take 
profit from an end user with SMS premium services or 
ad networks is a capability of each of the top 10 malware 
threats identified in 2014. 


www.pulsesecure.net 1 1 


2015 MTC Threat Report 










2014 TOP 10 MALWARE FAMILIES 


MONTHLY DEVELOPMENT TRENDS 
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Even though we know that profit taking continues to be a 
driving force for malware developers, we also know that 
there are still a large collection of malware developers that 
continue to push the boundaries of capabilities of their 
wares. The more complex mobile malware applications 
have even begun to incorporate profit taking through ad 
networks or SMS premium services. So while a particular 
developer may be interested in corporate data and personal 
information exfiltration, current trends showdevelopers also 
taking immediate profits in the process. 


This trend becomes even more prevalent when we look at 
the ebb and flow of malware development as it relates to 
consumer activity. Analysis indicates that there is a strong 
attraction towards targeting users on new devices that 
they've received as gifts during the holidays. 61 percent of 
Android malware developed in 2012, 2013, and 2014 was 
done so in the second half of each respective years. The 
MTC don't believe that this trend is an accident. In fact, 
the number would be even higher if we could accurately 
account for malware developed in November and December 
of 2014 that has not yet been collected and analyzed. 


A startling industry trend in mobile anti-malware is that 
only 33 percent of samples created in 2014 were actually 
identified and analyzed for the first time in at least 49 
days after it was created. We can only speculate as to why 
there is such a significant delay in finding these malicious 


applications, but it tells us that detection mechanisms must 
continue to evolve and partnerships between industry 
experts and researchers must continue to improve. 
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The Android Play Store is almost entirely free 
of malicious applications 
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Since Android's entry into the smartphone market and 
the creation of the Android Play Store, Google has gone to 
great lengths by acquiring several different technologies 
and buildinga background review process for applications. 
As it currently stands, the Android Play Store is almost 
entirely free of malicious applications and the Android 
Security Team continues to work to make it more difficult 
for malicious applications to get into the ecosystem. So 
does that mean that malware development for Android 
has or should begin to decline? The short answer is 
absolutely not. 

While Forbes reports that merely 0.1 percent of apps on 
the Play Store carry malicious code, the overwhelming 
majority of Android malware is being developed and 
distributed in unregulated third party app stores in the 
Middle East and Asia. In fact, F-Secure research indicates 
that an Android user would have to download and install 
roughly 1,000 applications before they run the risk of 
encountering malware in the official Play Store. Third 
party app stores fared much worse with Mumayai (6%), 
AnZhi (5%), Baidu (8%), eoeMarket (7%), and liqucn (8%) 
showing significant instances of malicious applications 
being distributed alongside legitimate applications. 



Market Share indicators tell us that U.S. consumers split 
closely between Android and iOS, while the rest of the 
international community is almost entirely dominated by 
Android devices. It is also true that the international mobile 
community is much more likely to browse a third party store 
for their applications than they are to get them from the 
official PlayStore. As outlined above, itisthese third partyapp 
stores that malware developers are peddling their malware, 
often times masqueraded as legitimate applications. 


14 


2015 MTC Threat Report 


Remember that Android's ever increasing market share 
is currently being driven by the flood of low-end Android 
devices. These devices will undoubtedly be left out in the 
cold when Google releases more secure operating systems 
or addresses particular vulnerabilities that malware 
developers are leveraging in order to be successful. 


A perfect storm of unsecure, out-of-date, low-end devices 
connecting to popular third party app stores in densely 
populated areas, that are encountering one malicious 
application in every 20 applications being browsed and 
downloaded, now exists in the Android ecosystem. 


"While Forbes reports that merely 0.1 percent of apps on the Play Store 
carry malicious code, the overwhelming majority of Android malware is 
being developed and distributed in unregulated third party app stores 

in the Middle East and Asia." 
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Data Exfiltration and Ransom 


Today's corporate networks and enterprise environments 
continue to remain attractive targets to nefarious forces 
around the globe. Criminal organizations have expanded 
their revenue streams by building networks of code and 
app developers that target consumers and enterprises. 
State-less and state sponsored terrorist organizations 
leverage similar capabilities to spread their messages and 
infiltrate western governments, while gaining intelligence 
and treasure. 2014 saw foreign governments actively 
targeting American corporations for compromise, data 
exfiltration and in some cases, ransom. 

Enterprise networks, while continually hardened at the 
perimeter, still lack the necessary controls to appropriately 
deal with the ever increasing BYOD push coming from 
employees. PC and mobile malware developers know 
this paradigm exists and they are actively attempting to 
leverage the inherent weakness of mobile devices accessing 
corporate resources and intellectual property. 

Several instances of Android malware provide examples of 
the malware developer community attempting to leverage 
mobile devices in the enterprise to gain access to data and 
resources beyond the perimeter. NotCompatible is an 


example of that capability. Widely agreed to be the most 
complex Android malware developed and successfully 
deployed, NotCompatible follows the trend of repackaged 
apps that are modified and passed off as legitimate 
applications. Once a device is infected, NotCompatible offers 
a proxy and encryption that is designed to facilitate data 
exfiltration from an otherwise secured network. Coupled 
with command and control functionality, NotCompatible 
can be remotely configured and/or modified to allow 
for updated capabilities while stealing sensitive device 
information to the attacker. 

NotCompatible is just one example among many that 
indicates an interest and ability to develop malicious mobile 
malware applications that can be used to target enterprise 
environments for their data, resources, and intellectual 
property. Corporate entities and enterprise environments 
have not been successful in thwarting the efforts of employees 
to gain access to their resources and data from their mobile 
devices. In fact, many have charged forward and embraced 
the productivity value that mobile devices offer. However, very 
few of those same organizations have acquired or deployed 
the necessary tools to protect the data being accessed by 
mobile devices or as it resides on mobile devices. 
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"The mobile industry saw a 
maturing of mobile malware 
markets with the rapid 
expansion of threats that 
profit attackers, while mobile 
security research also grows 
exponentially." 


Where organizations have attempted to embrace BYOD with 
Mobile Device Management (MDM) suites or capabilities, 
they are often met with resistance from users that their 
personal devices are falling under the control of their 
enterprise admins. As such, 2015 should expect to see a 
shift from enterprises tryingto manage and secure an entire 
mobile device via MDM to one of employing workspaces 
to secure only portions of the device that access and store 
corporate data. This shift will be an attempt to reduce 
tensions between enterprise admins and the personal 


device owners over who owns what data and what ability 
the enterprise has to secure data and lock and wipe devices 
at their discretion. Part of this shift will also involve shifts 
on the part of MDM and mobile AV vendors to determining 
the overall health of a device prior to granting access to 
the corporate asset. Vendors will leverage decision point 
tools such as app reputation scoring over outright malware 
identification and host checker tools to identify rooted and 
jailbroken devices. 


www.pulsesecure.net 


17 








CONCLUSION AND 
A LOOK FORWARD 

BYOD Takes Hold in the Enterprise 


As enterprises determine their budget requirements, top- 
level management will debate the merits of a particular 
initiative and weigh the cost of the perceived need. CIO's 
continue to find themselves in the precarious position of 
protecting corporate assets from the risks associated with 
the ever increasing need for mobile access to intellectual 
property and corporate resources. 

The trend of the past five years of increased use of 
personal devices in the corporate infrastructure has 
shown no signs of fading. In fact, the exact opposite 
continues to be driven by the proliferation of disparity 
in the types of platforms that enterprise IT departments 
are asked to support. In the past, the concept of BYOD 
meant that enterprise admins found themselves locked 
into a struggle to identify technologies that would allow 
for centralized management of a vast array of mobile 
device technologies and platforms. The first attempts at 
such an endeavor led to the push for MDM suites in the 
enterprise. As vendors began rolling out their own spins 
on MDM platforms, admins and users began to struggle 
with identifying how an enterprise could manage a 
personally owned device where personal data and apps 
were comingled with enterprise data and intellectual 


"In 2015, MTC expects to see a 
shift from enterprises trying to 
manage and secure an entire 
mobile device via MDM, to 
one of employing workspaces 
to secure only portions of the 
device that access and store 
corporate data." 


property. Users demanded the ability to access corporate 
resources while also maintaining the freedom of 
ownership to use their devices as they saw fit. 

In 2015, MTC expects to see a shift from enterprises trying 
to manage and secure an entire mobile device via MDM, 
to one of employing workspaces to secure only portions of 
the device that access and store corporate data. This shift 
will be an attempt to reduce tensions between enterprise 
admins and the personal device owners, over who owns 
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"2015 will see additional malware development for 
jailbroken devices, potentially risking corporate assets 
if enterprise admins are not performing health checks 
for rooted or jailbroken devices that are attempting to 
connect to enterprise resources." 


what data and what ability the enterprise has to secure 
data and lock and wipe devices at their discretion. Part of 
this shift will also involve shifts on the part of MDM and 
mobile AV vendors to determining the overall health of 
a device prior to granting access to the corporate asset. 
Vendors will leverage decision point tools such as app 
reputation scoring over outright malware identification and 
host checker tools to identify rooted and jailbroken devices. 

As we saw in 2014, there was increased interest in the iOS 
platform amongst malware developers. To date, there 
has been minimal malware development that would have 
the ability to affect iOS devices that remain chained to the 
App Store. Recent statistics indicate that nearly half of all 
Chinese iOS devices were jailbroken in May-June2014. 
As a result of the increased interest in jailbreaking iOS 
devices by the average user, 2014 saw several instances 
of malware development that could affect iOS devices 
that have been jailbroken. Jailbroken devices remain the 
leading threat from iOS devices in the enterprise. 2015 
will see additional malware development for jailbroken 
devices, potentially risking corporate assets if enterprise 
admins are not performing health checks for rooted 
or jailbroken devices that are attempting to connect to 


enterprise resources. Any enterprise that is currently 
engaged with, or considering, an MDM/workspace 
management vendor should be absolutely certain that 
root or jailbroken detection mechanisms are effective 
to determining whether a device should be granted the 
ability to access internal resources. 

2015 is shaping up to include some of the best innovation 
the mobile industry has ever experienced. There will be 
new discoveries, new technologies, and existing giants in 
the vendorspace will test the limitsto increase productivity 
while ensuring the confidentiality, integrity, and availability 
of data. Personal and private data that has, to date, been 
largely comingled, will begin to see real plans formulated 
to separate and secure portions of devices while leaving 
the users to use their devices as they see fit. While all of 
this innovation is taking place, enterprises must continue 
to remain vigilant as cybercriminals continue to look for 
weaknesses to steal company data, intellectual property 
and infiltrate corporate networks. 
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SOLVING THE WORLD'S 
ENTERPRISE MOBILITY 


About Pulse Secure 

Pulse Secure, LLC is a leading provider of access and 
mobile security solutions to both enterprises and service 
providers. Enterprises from every vertical and of all sizes 
utilize the company's Pulse virtual private network (VPN), 
network access control and mobile security products to 
enable end user mobility securely and seamlessly in their 
organizations. Pulse Secure's mission is to enable open, 
integrated enterprise system solutions that empower 
business productivity through seamless mobility. 

About Pulse Secure MTC & 
Mobile Malware Database 

Pulse Secure Mobile Threat Center (MTC) research 
facility conducts around-the-clock security, vulnerability 
and malware research on mobile device platforms and 
technologies. Working with partners throughout the 
security industry, the MTC analyzes attacks that leverage 
mobile devices as well as new threat vectors for mobile 
cybercrime and the potential for exploitation and 
misuse of mobile devices and data. This year, the Pulse 
Secure MTC examined approximately 2.5 million mobile 
applications across major mobile online app stores. 


There are many different ways the industry analyzes 
mobile malware, each with its own methodology. This 
report seeks to measure each application or "instance" 
that can be considered malicious versus only looking at 
the major families of mobile malware. Further, unlike 
many other industry reports that measure when malware 
is found by researchers, the MTC measures when new 
malware is created, which provides a more accurate 
reflection of the growth of mobile malware threats and 
eliminates much of the sample bias when a large cache of 
bad apps are found by researchers. 

The Pulse Secure MTC gathers its malware using a variety 
of methods and sources including: 

• Mobile operating system application stores 

• Third-party application stores around the world 

• Known website repositories of malicious applications 

• Known hacker websites and repositories 

• Application samples submitted by customers 

• Application samples submitted by partners 

• Applications identified "zero day" as malicious 
by Pulse Secure Mobile Security Suite 
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It is important to remember that while the population 
of malicious mobile software is growing rapidly, it still 
remains smaller than threats to computers. There are a 
number of reasons for this. For one, computers have been 
a target much longer than mobile devices, allowing their 
threats to mature over decades versus years. Further, 
most mobile devices do not run anti-malware programs 


to protect against threats, which give less incentive for 
malware authors to create many, different versions of 
their software to slip by detection tools. However, the 
threats are just as complex as what we know exists in the 
PC space. In its truest form, mobile malware has the ability 
to obtain highly complex control over the devices and the 
data it transmits. 


Copyright 2015 Pulse Secure, LLC. All rights reserved. Pulse Secure and the Pulse Secure logo are registered trademarks or Pulse Secure, LLC. All trademarks, 
service marks, registered marks, or registered service marks are the property of their respective owners. Pulse Secure assumes no responsibility for any 
inaccuracies in this document. Pulse Secure reserves the right to change, modify, transfer, or otherwise revise this publication without notice. 
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